fixed trust_proxy

docker-compose.yml

@@ -1,8 +1,6 @@
 services:
   app:
-    build:
+    image: gitea.calnet.dev/callum/binit:latest
-      context: .
-      dockerfile: Dockerfile
     container_name: binit-app
     env_file:
       - .env
@@ -11,6 +9,7 @@ services:
       MINIO_PORT: ${MINIO_PORT:-9000}
       MINIO_USE_SSL: ${MINIO_USE_SSL:-false}
       PORT: ${PORT:-3000}
+      TRUST_PROXY: ${TRUST_PROXY:-1}
     ports:
       - "3000:3000"
     depends_on:

src/index.js

@@ -10,6 +10,33 @@ const pastesRouter     = require('./routes/pastes');
 const app  = express();
 const PORT = process.env.PORT || 3000;
 
+function parseTrustProxy(value) {
+  if (typeof value !== 'string') {
+    return false;
+  }
+
+  const normalized = value.trim();
+  if (!normalized) {
+    return false;
+  }
+
+  const lower = normalized.toLowerCase();
+  if (['false', 'off', 'no', '0'].includes(lower)) {
+    return false;
+  }
+
+  if (['true', 'on', 'yes'].includes(lower)) {
+    return true;
+  }
+
+  const count = Number.parseInt(normalized, 10);
+  if (String(count) === normalized && Number.isFinite(count) && count >= 0) {
+    return count;
+  }
+
+  return normalized;
+}
+
 function envInt(name, fallback) {
   const raw = process.env[name];
   if (!raw) {
@@ -26,9 +53,9 @@ const CREATE_LIMIT_MAX = envInt('RATE_LIMIT_CREATE_MAX', 40);
 
 app.disable('x-powered-by');
 
-// If deployed behind a reverse proxy/load balancer, set TRUST_PROXY=true.
+const trustProxy = parseTrustProxy(process.env.TRUST_PROXY);
-if (process.env.TRUST_PROXY === 'true') {
+if (trustProxy !== false) {
-  app.set('trust proxy', 1);
+  app.set('trust proxy', trustProxy);
 }
 
 app.use(helmet({